DETAILED ACTION



Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. 

2. Applicant's submission filed on 08/20/2008 has been entered. Claims 1-17, 26-27 
are pending in this Application. 

Response to Arguments 

3. Applicant's arguments filed on 08/20/2008 have been fully considered but they 
are not persuasive for the following reasons: 

Applicant argues that Gai does not disclose "capturing objects or even traffic that 
has passed through the system" and "capturing objects or generating a tag describing 
them". However, Gai discloses (on column 1 lines 60-66, column 2 lines 1-15, Figures 
2, 6, 7A and 7B) some networking software, including the Internet Operating System 
(IOS) from Cisco Systems, Inc., support the creation of access control lists or
filters, which are typically used to prevent certain traffic from entering or exiting a 
network. In particular, certain layer devices utilize access lists to control whether 
routed packets (capturing objects) should be forwarded or filtered (i.e., dropped) by the 
device based on certain predefined criteria. When a packet is received by such a 
device, it is tested against each of the criteria statements of the corresponding list. If a
match is found, the packet is either forwarded or dropped as provided by the list. The 
criteria may be source address, destination address, or upper-layer application based 
on their TCP/UDP port numbers. For example, an access list may allow e-mail to be 
forwarded but cause all Telnet traffic to be dropped. Access lists may be established 
for both inbound and outbound traffic and are most commonly configured at layer 
devices located at the border of a network (i.e., gateways or firewalls) to provide 
security to the network. In addition, Gai discloses traffic type (500 kb/s VIDEO 
CONFERENCE, 2 Mb/s VIDEO CONFERENCE, and so on) as traffic that has passed 
through the system. Finally, Gai discloses IP address, TCP, NETWORK 
PROTOCOL/PORT NUMBER and so on in tables 7A and 7B as the tag has been 
generating or creating to describe the capturing objects (data frames). 

Applicant argues that Gai does not disclose "generating for storage of 
objects captured during transmission from an origination address to a destination 
address". However Gai discloses (on Figures 7A, 7B, column 12 lines 31-66, column 
13 lines 1-41, column 14 lines 2-66, column 15 lines 1-58) fields name (such as IP
addresses, TCP and so on) or locations have been generating for storage of objects 
captured during transmission from an origination address to a destination address. 

Applicant argues that Gai does not disclose "storing data in the fields to create a 
tag that indexes the captured object in storage". However, Gai discloses (on Figures 7A,
7B) IP address or TCP are stored in the IP ADDRESS and NETWORK PROTOCOL/PORT
NUMBER fields, which create a tag, and the tag is used to index a captured object in
storage.

Applicant argues that Gai does not disclose "storing data associated with capture 
of an object by a capture system to create a tag that indexes the captured object in 
storage". However, Gai discloses (Figures 7A, 7B, column 3 lines 65-66, column 4 
lines 1-16) source address, destination address, TCP/UDP port numbers are storing 
data associated with capture of an object by a capture system to create a tag that 
indexes the captured object in storage. 

Examiner respectfully disagrees with all other allegations as argued as will be 
discussed in detail below. Examiner, in her previous office action, gave a detailed
explanation of the claimed limitations and pointed out exact locations in the cited prior art.

Examiner is entitled to give claim limitations their broadest reasonable 
interpretation in light of the specification. See MPEP 2111 [R-1].

Interpretation of Claims-Broadest Reasonable Interpretation 

During patent examination, the pending claims must be 'given the 
broadest reasonable interpretation consistent with the specification'. 

Applicant always has the opportunity to amend the claims during prosecution
and broad interpretation by the examiner reduces the possibility that the claim, once
issued, will be interpreted more broadly than is justified. In re Prater, 162 USPQ
541, 550-51 (CCPA 1969).

Claim Rejections - 35 USC § 102

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), 
by another filed in the United States before the invention by the applicant for patent or (2) a 
patent granted on an application for patent by another filed in the United States before the 
invention by the applicant for patent, except that an international application filed under the treaty 
defined in section 351(a) shall have the effects for purposes of this subsection of an application 
filed in the United States only if the international application designated the United States and 
was published under Article 21(2) of such treaty in the English language. 

5. Claims 1-9, 26 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
7,185,073 B1 issued to Gai et al. ("Gai"). 

As per claim 1, Gai teaches "a computer readable medium having stored thereon
data representing instructions that, when executed by a processor, cause the processor 
to perform operations comprising": 

generating a tag describing an object captured during transmission from an origination 
address to a destination address, wherein the tag includes, 

"a source address field to indicate an origination address of the object," (column 1 lines 
17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 
51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 lines 
11-66, column 16 lines 1-5), 

"a destination address field to indicate a destination address of the object," (column 1 
lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 
lines 51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 
lines 11-66, column 16 lines 1-5),

"a source port field to indicate an origination port of the object," (column 1 lines 17-66,
column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66,
column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66,
column 16 lines 1-5),

"a destination port field to indicate a destination port of the object," (column 1 lines
17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 51-66, column 4 lines 1-16,
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5),

"a content field to indicate a content type from a plurality of content types identifying a
type of content contained in the object," (column 11 lines 48-66, Fig. 7B, Fig. 6), and

"a time field to indicate when the object was captured," (column 14 lines 30-46); and

"storing the tag in a database, wherein the tag indexes a captured object in storage,"
(Figures 7A, 7B).

As per claim 2, Gai further shows "the plurality of content types," comprises: 
"JPEG, GIF, BMP, TIFF, PNG, Skintone, PDF, MSWord, Excel, PowerPoint, MSOffice, 
HTML, WebMail, SMTP, Telnet, Rlogin, FTP, Chat, GZIP, ZIP, TAR, C++ Source, C 
Source, FORTRAN Source, Verilog Source, C Shell, K Shell, Bash Shell, Plaintext, 
Crypto, LIF, Binary Unknown, ASCII Unknown, and Unknown," (column 11 lines 48-66, 
Fig. 7B, Fig. 6). 

As per claim 3, Gai further shows "generating a device identity field to indicate a 
device that captured the object," (column 12 lines 46-66, column 13 lines 1-6). 

As per claim 4, Gai further shows "generating a protocol field to indicate the 
protocol that carried the object," (column 12 lines 46-66, column 13 lines 1-6, Fig. 7B).

As per claim 5, Gai further shows "an instance field to indicate a
number of the object in a connection," (column 14 lines 30-62). 

As per claim 6, Gai further shows "generating an encoding field to indicate a how 
the object was encoded," (column 19 lines 1-14, column 19 lines 26-37). 

As per claim 7, Gai further shows "generating a size field to indicate the size of 
the object," (column 8 lines 40-52). 

As per claim 8, Gai further shows "generating an owner field to indicate an 
entity that requested capture of the object," (column 12 lines 10-23, column 18 lines 37- 
66). 

As per claim 9, Gai further shows "generating a capture rule field to indicate a 
rule that triggered capture of the object," (column 19 lines 1-37). 

As per claim 26, Gai teaches "a method to index a captured object, comprising": 
generating for storage of objects captured during transmission from an origination 
address to a destination address: 

"a source address field to indicate an origination address of the object," (column 1 lines 
17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 
51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 lines 
11-66, column 16 lines 1-5); 

"a destination address field to indicate a destination address of the object," (column 1 
lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 
lines 51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 
lines 11-66, column 16 lines 1-5);

"a source port field to indicate an origination port of the object; a destination port field to
indicate a destination port of the object," (column 1 lines 17-66, column 2 lines 1-66,
column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16,
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"a content field to indicate a content type from a plurality of content types identifying a
type of content contained in the object," (column 11 lines 48-66, Fig. 7B, Fig. 6); and

"a time field to indicate when the object was captured," (column 14 lines 30-46); and

"storing data in the fields to create a tag, the tag indexing a captured object in storage,"
(Figures 7A, 7B).

Claim Rejections - 35 USC §103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

7. Claims 10-17, 27 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. 7,185,073 B1 issued to Gai et al. ("Gai") and in view of "Cryptographic Hash 
Functions" issued to Bart Preneel ("Preneel"). 

Gai teaches the data structure of claim 10, set forth in the rejection of claim 1 
above but does not explicitly teach: "generating a signature field to store a signature of 
the object". However, Preneel teaches a similar data structure of hash function (pages 
2-5 sections 2-2.3). Thus, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to provide the data structure of Gai with the
teaching of Preneel by using the hash function to solve the security problems in 
telecommunication and computer networks. 

As per claim 11, Preneel and Gai teach the data structure of claim 10 discussed
above. Preneel also teaches: "the signature comprises a digital cryptographic 
signature," (pages 2-5 sections 2-2.3). 

Gai teaches the data structure of claim 12, set forth in the rejection of claim 1 
above but does not explicitly teach: "generating a tag signature field to store a signature 
of the data structure". However, Preneel teaches a similar data structure of hash 
function (pages 2-5 sections 2-2.3). Thus, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to provide the data
structure of Gai with the teaching of Preneel by using the hash function to solve the 
security problems in telecommunication and computer networks. 

As per claim 13, Preneel and Gai teach the data structure of claim 12 discussed 
above. Preneel also teaches: "the tag signature comprises a digital cryptographic 
signature," (pages 2-5 sections 2-2.3). 

As per claim 14, Gai does not explicitly teach: "a computer readable medium 
having stored thereon data representing instructions that, when executed by a 
processor, cause the processor to perform operations comprising": 
storing data associated with capture of an object by a capture system to create a tag 
that indexes the captured object in storage, the data comprising: 
"an Ethernet controller MAC address of the capture system that captured the object,"
(column 1 lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 8 lines 53-66,
column 9 lines 1-4, column 8 lines 31-66, column 9 lines 1-4);

"a source Ethernet IP address of the object," (column 1 lines 17-66, column 2 lines 1-66,
column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16,
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"a destination Ethernet IP address of the object," (column 1 lines 17-66, column 2 lines
1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16,
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"a source TCP/IP port number of the object," (column 1 lines 17-66, column 2 lines 1-66,
column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16,
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"a destination TCP/IP port number of the object," (column 1 lines 17-66, column 2 lines
1-66, column 3 lines 1-10, column 3 lines 51-66, column 4 lines 1-16, column 8 lines 31-66,
column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"an IP protocol that carried the object when captured by the capture system," (column 1
lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3
lines 51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15
lines 11-66, column 16 lines 1-5);

"a canonical count of a number of the object within a TCP/IP connection," (column 2
lines 15-27);

"a content type of the object," (column 11 lines 48-66, Fig. 7B, Fig. 6);

"an encoding that was used on the object," (column 19 lines 1-14, column 19 lines 26-37);

"a size of the object," (column 8 lines 40-52);

"a timestamp indicating when the capture system captured the object," (column 14 lines
30-46);

"a user who requested capture of the object," (column 12 lines 10-23, column 18 lines
37-66);

"a capture rule that directed capture of the object," (column 19 lines 1-37);

"a hash signature of the object," (pages 2-5 sections 2-2.3);

and "a hash signature of the tag," (pages 2-5 sections 2-2.3).

However, Preneel teaches hash function of the object and hash function of the 
tag (pages 2-5 sections 2-2.3). Thus, it would have been obvious to one of ordinary skill 
in the art at the time the invention was made to provide the data structure of Gai with
the teaching of Preneel by using the hash function to solve the security problems in 
telecommunication and computer networks. 

As per claim 15, Preneel and Gai teach the data structure of claim 14 discussed 
above. Preneel also teaches: "the hash signature of the object comprises a digital 
cryptographic signature of the object," (pages 2-5 sections 2-2.3).

As per claim 16, Preneel and Gai teach the data structure of claim 14 discussed
above. Preneel also teaches: "the hash signature of the tag comprises a digital 
cryptographic signature of the tag," (pages 2-5 sections 2-2.3). 

As per claim 17, Gai teaches: "the content type of the object is one of JPEG, GIF,
BMP, TIFF, PNG, Skintone, PDF, MSWord, Excel, PowerPoint, MSOffice, HTML, 
WebMail, SMTP, Telnet, Rlogin, FTP, Chat, GZIP, ZIP, TAR, C++ Source, C Source, 
FORTRAN Source, Verilog Source, C Shell, K Shell, Bash Shell, Plaintext, Crypto, LIF, 
Binary Unknown, ASCII Unknown, and Unknown," (column 11 lines 48-66, Fig. 7B, Fig. 
6). 

As per claim 27, Gai does not explicitly teach "a method to index a captured 
object, comprising": 

storing data associated with capture of an object by a capture system to create a tag 
indexing the captured object in storage, the data comprising: 
"an Ethernet controller MAC address of the capture system that captured the object,"
(column 1 lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 8 lines 53-66,
column 9 lines 1-4, column 8 lines 31-66, column 9 lines 1-4);

"a source Ethernet IP address of the object," (column 1 lines 17-66, column 2 lines 1-66,
column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16,
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"a destination Ethernet IP address of the object," (column 1 lines 17-66, column 2 lines
1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16,
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"a source TCP/IP port number of the object," (column 1 lines 17-66, column 2 lines 1-66,
column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16,
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"a destination TCP/IP port number of the object," (column 1 lines 17-66, column 2 lines
1-66, column 3 lines 1-10, column 3 lines 51-66, column 4 lines 1-16, column 8 lines 31-66,
column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5);

"an IP protocol that carried the object when captured by the capture system," (column 1
lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3
lines 51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15
lines 11-66, column 16 lines 1-5);

"a canonical count of a number of the object within a TCP/IP connection," (column 2
lines 15-27);

"a content type of the object," (column 11 lines 48-66, Fig. 7B, Fig. 6);

"an encoding that was used on the object," (column 19 lines 1-14, column 19 lines 26-37);

"a size of the object," (column 8 lines 40-52);

"a timestamp indicating when the capture system captured the object," (column 14 lines
30-46);

"a user who requested capture of the object," (column 12 lines 10-23, column 18 lines
37-66);

"a capture rule that directed capture of the object," (column 19 lines 1-37);

"a hash signature of the object," (pages 2-5 sections 2-2.3);

"a hash signature of the object," (pages 2-5 sections 2-2.3); and

"a hash signature of the tag," (pages 2-5 sections 2-2.3).

However, Preneel teaches hash function of the object and hash function of the 
tag (pages 2-5 sections 2-2.3). Thus, it would have been obvious to one of ordinary skill 
in the art at the time the invention was made to provide the data structure of Gai with
the teaching of Preneel by using the hash function to solve the security problems in 
telecommunication and computer networks. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure.

Contact Information

9. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Kim T. Nguyen whose telephone number is (571)270-1757.
The examiner can normally be reached on 7:30AM to 5:00PM East. Alt Friday
off.

If attempts to reach the examiner by telephone are unsuccessful, the
examiner's supervisor, Don Wong can be reached on 571-272-1834. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Nov. 03, 2008 



/K. T. N./

Examiner, Art Unit 2163

/don wong/

Supervisory Patent Examiner, Art Unit 2163 